Cool Head & Cold Wallet: How to Protect Your Crypto From Scammers
Subscribe
The latest scandal involving FTX, a Bahamas-based cryptocurrency exchange that abruptly collapsed at the beginning of November leaving many of its investors penniless, has brought the cryptocurrency scam problem to the forefront.
A vast variety of scams involving cryptocurrencies exist, including scammers using fake initial coin offerings (ICOs) to persuade investors to buy fake cryptocurrencies; Ponzi schemes using money from new investors to pay off old ones; and fake cryptocurrency exchanges designed to steal people's money.
In addition, cryptoinvestors could be subjected to phishing, vishing and smishing attacks – via email, text or phone – aimed at grabbing their wallet seeds and passwords.
Sputnik sat down with cyber security experts to discuss how to shield one's crypto assets from fraud and scammers.
What to Do if You've Been Scammed
If you fall into the trap of a cryptocurrency scam, there are a few steps you can take to try and recover your funds, according to Lars Hilse, a global leader in digital strategy, cybersecurity, cyberterrorism and cybercrime, who stressed that none of his recommendations should be seen as financial advice.
"First, you should contact the relevant authorities, such as the police, to report the scam," Hilse told Sputnik. "You may also want to contact your bank or credit card company to try and reverse any fraudulent transactions. Additionally, you can contact the cryptocurrency exchange where you bought the assets and see if they can help you recover your funds. However, it is important to keep in mind that in many cases, it is difficult or impossible to recover money lost in a cryptocurrency scam, so it is important to be cautious and avoid falling victim to these types of scams in the first place."
If you have become a victim of a scam, seek legal counsel and consider forming a class-action lawsuit with other users as many who were impacted, echoed Matthew Hickey, a security researcher and co-founder of the cybersecurity firm Hacker House, who is actively involved in the Web3 space working with one of the top #3 blockchains in the world (XRPL) for the banking platform Cove Crypto.
"Whilst cybercrime is rampant, investigation techniques and recovery services are beginning to show advances in forensics and detection, there have also been white-hat hackers who have protected users by ensuring that systems are resilient to theft, although often this comes only as breaches happen and whilst your first step is to panic - the next response should be to calm your emotions and investigate to the best of your abilities," Hickey told Sputnik. "Whilst large exchanges often sound appealing to retail investors, they often centralize technology and pose increased risks from collapse or manipulation."
Bankman-Fried Arrest: FTX Founder May Know Whether Foreign Money Flew Into US Politics, Analyst Says
13 December 2022, 18:57 GMT
How to Avoid Scammers & Protect Yourself
Scams are widespread, so the first rule is "not your keys, not your crypto," says Matthew Hickey.
"Avoid centralized exchanges, make use of DeFi and de-centralized exchange platforms (commonly referred to as DEX) to enable finance which reduces your risk of compromise from centralized platforms," Hickey said.
The collapse of FTX, which was a de facto big and messy "centralized" exchange system, prompted users to turn to decentralized financial systems (DeFi) and decentralized exchanges (DEX), where crypto investors have more control over their coin, according to the US media.
Reports also suggest that decentralized crypto systems are designed to not allow some brazen tech CEOs to commingle customers' funds as FTX did, or take one's crypto away.
In fact, a decentralized exchange does not store crypto in the first place: in this case, an investor uses a "cold wallet" (or a hardware wallet) to download their holdings.
A hardware wallet – typically a USB drive – is where one's private crypto keys are stored offline. It is not connected to the internet, hence is less vulnerable to cybercrimes.
Second, users should perform due diligence on platforms or services they choose to invest in, Hickey highlighted.
When it comes to cryptocurrency exchange – such as FTX founder Sam Bankman-Fried once provided – a customer should take several steps to ensure that he/she won't become a victim of fraud.
To that end, you should not only get all necessary information about the company you are investing in/through, but also about the owners and any other stakeholders in the company, Hilse underscored.
Also, it is important to be vigilant and carefully review any transactions for signs of fraud, the expert continued. "If you notice any suspicious activity, you should immediately contact your exchange's customer support team," he warned.
Above all, you should make sure that you have strong security measures in place, such as two-factor authentication and secure passwords, according to Hilse. "You should also regularly update your software to fix any vulnerabilities that may have been discovered," he stressed.
Third, if you decide to establish a cryptoexchange system, you should conduct regular security auditing and undergo constant evaluation of your exchange as threats to both the platform and its users, according to Matthew Hickey.
"We have seen examples where attackers are utilizing advanced tradecraft to target users and it can result in potentially devastating losses - the recent arrest of FTX founder shows that the legal system is often a slow process and that platforms can sometimes act in bad faith," he remarked.
The security researcher pointed out that it's important to understand that "cyber security and the threat landscape is just as important to individuals as it is to the platforms itself and users should be aware of the risks they take with technologies."
"If you are running an exchange or a web3 platform then ensure that you protect user data appropriately and store as little as is legally required to deter loss and theft," Hickey explained. "Users who take self-custody and live by the mantra 'not your keys, not your crypto' can help to minimize risk when exploring these emerging markets. Those who do not learn history are doomed to repeat it and as anyone who saw the collapse of Mt.Gox would agree, centralized platforms, even those that appear successful can fail. Some would call for better regulation whilst others - better innovation."
The FTX collapse has given a bitter lesson to its investors. Time will tell whether trust in crypto will be completely rebuilt in the post-FTX era.